Configuring Custom Skin & Style for OBIEE 12c




Each version of OBIEE has a set of styles and skins designed to make the displaying of data visually appealing. This gives the end user the ability to select styles as per their need. Generally, each OBIEE version has a default style. For example, in OBIEE 12c, the default UI Skin and Style is called ‘Alta’. In 11g, it is ‘blafp’.

Clients often want to see their organization’s BI data with their company logo, colours, styles etc. Not surprisingly, customizing the OBIEE user interface is one of the most frequent activities undertaken while implementing OBIEE in an organization.

In this article, we will describe how to customize the Skin/Style in OBIEE 12c as per the customer requirements below:

Replace the Oracle logo with the Client logo
Change the header bar color in the analytics home page
Customize the OBIEE charts with a custom color pallete
Change the default style/skin


1. Unarchiving the Analytics EAR File:

OBIEE analytics components and configuration files are bundled together as an .ear file named ‘analytic.ear’ and are deployed in weblogic services as part of the installation and configuration. We are going to create our own customization under this file and then deploy it back in weblogic services.

It is always a best practise to make a back-up copy of the files and folders before starting any customization. This would help us to revert back to before the changes if anything goes wrong. The recommended files to be backed up are:


To begin the unarchiving process, please follow the below steps:

1 Navigate to C:\Oracle\Middleware\Oracle_Home\bi\bifoundation\jee to find the analytics.ear file, which is already deployed in weblogic.
2 Copy analytics.ear and paste it in your local folder D:\OBIEE.
3 Unzip the analytics.ear from D:\OBIEE\analytics ear with your preferred zip tool.
custom style OBIEE 12c


4 Further unzip the analytics.war file in another folder to avoid conflicts,
D:\OBIEE\analytics ear\analytic war.
custom style OBIEE 12c


Note: Don’t touch/modify the folders META-INF & WEB_INF.


2. Replacing the Oracle Logo:

To Replace the Oracle logo with the client logo in the analytics home page:

Navigate to ‘res’ in D:\OBIEE\analytics ear\analytic war\res.
In this folder, we can find separate folders for each Skin and Style:
»  Folders starts with ‘s_’ refers for style
»  Folders starts with ‘sk_’ refers for skin
Decide on which out-of-the-box style we are going to extend with our new customization. We can either add our customization in an existing style or make a copy of any folder for customizing the style & skin and then rename it, like s_CPcustom, sk_CPcustom.
Navigate to ‘D:\OBIEE\analytics ear\analytic war\res’ and open the filemap.xml file and do the below change only if you have created the custom folder (s_CPcustom). Otherwise skip this step if you are customizing the existing style(for s_Alta). Change the code as below to extend the Alta style to the new custom skin and style ‘s_CPcustom’ and ‘sk_CPcustom’.
 Figure 3


Here I’m doing my customization under s_Alta folder after backing up the original folder, so I just skipped the above step.
Move to the location ‘D:\OBIEE\analytics ear\analytic war\res\s_Alta\master’.
Rename the oracle_logo to some other name(ex: oracle_bkp) and paste the custom picture with the same dimensions the as oracle logo has. Name the custom picture as oracle_logo.

 Figure 4



3. Changing the Header Bar Color in the Analytics Home Page:

By default, the header bar of the OBIEE Analytics web page is grey. To customize this color :

Navigate to D:\OBIEE\analytics ear\analytic war\res\s_Alta\master.
Find and open the file ‘custom.css’.
The custom.css file is an empty file that is imported by the master.css file. You can use the custom.css file to add your own CSS classes, which will override the classes in the master.css file.
Keeping the custom code in custom.css file enables you to take advantage of future improvements to the master.css file that are applied by patches and upgrades.
To get the class/ id’s, login to analytics through Chrome, right-click and choose "inspect" to inspect the elements whose styles you want.
custom style OBIEE 12c


Override the code with your custom code as below in custom.css file.
custom style OBIEE 12c


Save and close the file.


4. Customizing the Default Color Pallete:

In OBIEE 12c, the initial colors of default color pallete are blue and green, therefore, the graphs and charts are generated in those colors by default. To modify the color pallete and use the standard colors of your organization, follow the steps below.

Navigate to D:\OBIEE\analytics ear\analytic war\res\s_Alta\master.
Open ‘graph.xml’ file with the text editor. Here you will find the list of SeriesItems just below the SliceLable tag.
 Figure 7


Change the color code as per your need and save the file.


5. Set OBIEE Default Style & Skin:

The default Skin and Style for each version of OBIEE is set in the file named ‘instanceconfig.xml’. The default style for OBIEE 12c is ‘Alta’. Since I made my customizations under s_Alta, I don't need to modify the style name in instanceconfig.xml.

In case you are doing the customization under your own custom folders (s_CPcustom/sk_CPcustom) then follow the below steps.

Navigate to C:\Oracle\Middleware\Oracle_Home\user_projects\domains\bi\config\fmwconfig\biconfig\OBIPS.
Open & Edit the instanceconfig.xml file with text editor.
Change the DefaultSkin and DefaultStyle as CPcustom as per the screenshot below.
custom style OBIEE 12c


6. Archiving the Analytics EAR file:

Now we are done with the customization part. So bundle the files back in analytics.war and then analytics.ear as before.

Analytics.war should be archived with the below files.
 Figure 9


Analytics.ear should contain the below files.
 Figure 10


Copy and paste the ‘analytics.ear’ file into the source location. C:\Oracle\Middleware\Oracle_Home\bi\bifoundation\jee.

Now ‘analytics.ear’ file is ready to deploy with the custom styles.


7. Deploy the analytics.ear File:

To deploy the analytics.ear file with custom styles:

Login to Weblogic Server Administration Console with Administrator credentials.
Navigate to Domain Structure -> Deployments -> control tab.
Select analytics from the deployment list and click on Stop -> Force Stop now.
custom style OBIEE 12c


Click on 'Lock & Edit' from the left side panel.
Go to the Configuration tab, there you can see the status of anlytics has been changed.
Now select 'analytics' and click on ‘Update’ to update the new changes from analytics.ear file.
Browse the source path where the analytics.ear file is saved and click on 'Finish'.
custom style OBIEE 12c


Once the deployment is successfully updated, click on the 'Activate the Changes' tab.
custom style OBIEE 12c


Now move to the 'Control' tab and start the analytics by servicing all requests.
custom style OBIEE 12c


Now the status should be Active as per the below sceenshot.
custom style OBIEE 12c

To reflect all changes made in the analytics deployment, perform a Full Restart in OBIEE by using the and script files or by restarting the services from Oracle Enterprise Manager(EM).


8. Restarting the Services From Enterprise Manager:

Login to Oracle Enterprise Manager with administrator credentials.
Navigate to Target Navigation tree -> Business Intelligence -> biinstance -> Availability.
Click on the 'Restart All' button to restart all the services.
custom style OBIEE 12c


Note: As a best practise, Clear the browser cache files before login to OBIEE analytics.


9. Testing the Customization:

Login to OBIEE Analytics and check the default style and logo in OBIEE analytics home.
Navigate to any report that is saved under the catalog and see if the default color palette for OBIEE graph has been changed in the report.
custom style OBIEE 12c




Every organization likes to have their business reports and charts aligned to their standards with respect to skin and styles. OBIEE offers us the flexibility here to modify the text fonts for the reports and to have a custom color palatte for the graphs, logos and skin as per the standards of the organization.

Further customization can be made on the css files referred in this article to improve the look and feel of the OBI analytics home page, reports and charts.

If you want to know more about how to customize your reports and charts and enhance your visualizations you can always contact us!


ReportMessenger 2.0




El año pasado lanzamos ReportMessenger, nuestra herramienta de distribución de informes de Tableau Server. ReportMessenger actualiza, personaliza y distribuye toda la información de tu empresa cuando y a quién tu quieras en múltiples formatos (como PDF, PowerPoint o CSV, entre otros).

Ahora estamos orgullosos de informaros que hemos lanzado el nuevo y mejorado ReportMessenger 2.0 – una versión con más consistencia y estabilidad y con ¡muchas funcionalidades nuevas!

Report Messenger Log in page


ReportMessenger: Nuevo Look and Feel y funcionalidades en la Home

ReportMessenger ha mejorado su diseño para asegurar una experiencia de usuario óptima. La Home, que muestra todas las tareas programadas, ahora incluye un cuadro de búsqueda para que sea más fácil encontrar una tarea en concreto.
Además, puedes ordenar por columnas, seleccionar varias tareas a la vez y llevar a cabo distintas acciones para cada una, incluyendo: duplicar, enviar informes ahora, activar o desactivar la tarea.
Se ha añadido un color para cada tarea (verde, amarillo o rojo) para que puedas reconocer su estado en un vistazo.

ReportMessenger homepage


ReportMessenger: Nuevas funcionalidades

Estas son las nuevas funcionalidades que puedes encontrar en la nueva versión de ReportMessenger:

Importar contactos: Puedes importar listas de contactos directamente desde un archivo CSV en lugar de entrarlos manualmente.
Ejecutar tareas mientras estás desconectado: Ya no necesitarás estar conectado para que se ejecute una tarea. Esta funcionalidad es muy útil para empresas con una política de seguridad muy estricta.
Filtros de usuario: Con esta nueva funcionalidad puedes definir, dentro de una misma tarea, qué información va a recibir cada usuario y asegúrate que cada persona recibe los datos que le son relevantes.
Repetir tarea: Establece, con intervalos personalizados de minutos o horas, cada cuánto quieres que una misma tarea se ejecute. Esta nueva funcionalidad está pensada para empresas que necesitan tener información actualizada constantemente.
Descarga tus informes localmente: Puedes descargar tus informes en tus carpetas compartidas o intranet corporativa. Esto es útil, por ejemplo, si necesitas tener guardado un histórico de todos tus informes.
Reporte de errores:
»  Reporta errores en la tareas: Cualquier error durante la ejecución de una tarea será reportado a la dirección de email que se desee.
»  Reporta errores en la aplicación Web: Estos errores se reportaran al departamento de soporte de ClearPeaks para que podamos solucionar cualquier incidencia lo antes posible.
Evita que se envíen informes vacíos.
Especifica el SMTP sender: Puedes especificar el campo “De” de tus emails.
Inicia sesión en ReportMessenger: Ahora puedes iniciar sesión con cualquier cuenta de administrador de Tableau.

Figure 3


Cómo funcionan los filtros de usuario?

Una de las principales nuevas funcionalidades de ReportMessenger 2.0 es el filtro de usuario.

Permite al administrador crear una tarea utilizando filtros dinámicos. De esta forma evitamos crear una tarea distinta para cada vista que queramos enviar.

El filtro de usuario se define en el perfil del usuario y cada usuario de puede crear con hasta 4 filtros distintos:

Figure 4



En el caso anterior, el primer filtro se ha utilizado para poder filtrar por regiones y el segundo nos permite filtrar por categorías. Esto es útil cuando una empresa quiere mandar un informe a cada agente de zona. En lugar de crear una tarea para cada agente o región, ahora se puede incluir todo en una misma tarea. Además, puedes añadir más de un valor por usuario y filtro añadiéndolos entre comas. Por ejemplo: North, South, East, West

Cuando los filtros de usuario están definidos los puedes aplicar a cualquier tarea:


Figure 5

Como puedes ver, la fórmula para utilizar el filtro es: Region=<<filter1>>&Category=<<filter2>>, Tanto la vista de la región cómo la de la categoría viene de Tableau.

En las siguientes imágenes puedes ver el resultado después de aplicar un filtro dinámico:

Figure 6

Figura 1: Informe de Antonio (filtrado por la región "South")                   Figure 2: Informe de Jordi (filtrado por la región "West") 


Si un usuario no tiene ningún filtro definido, recibirá el informe con todos los datos.



Esta última versión de ReportMessenger aporta mayor estabilidad y asegura una mejor experiencia de usuario. Las nuevas funcionalidades permiten personalizar mucho más cualquier tarea, permitiéndote aplicar filtros dinámicos y repetirlas sin tener que duplicar una tarea original varias veces.

¡No dudes en contactar con nosotros si quieres recibir más información o una demostración gratuita!


ReportMessenger 2.0




Last year we successfully launched ReportMessenger, our easy-to-use report distribution solution for Tableau reports. With ReportMessenger, you can reliably schedule and deliver your reports to anyone in your organization in any combination of file formats from enriched PDF to CSV!

We´re now proud to announce the new improved ReportMessenger 2.0 - a version that brings greater consistency, stability and a bunch of new features!

Report Messenger Log in page


ReportMessenger New Look&Feel and Homepage Functionalities

ReportMessenger has improved its design for optimal user experience. The homepage, which displays all scheduled tasks, now has an integrated search box that makes it easy to find a task. You can also sort data columns through an interactive table, select multiple tasks from the aforementioned table, and perform different actions for each selected task, including duplicate, run now, activate and deactivate. Color-coded tasks (red, yellow, or green) have also been added make it easier and quicker to identify their current status.

ReportMessenger homepage


ReportMessenger New Features

Below you can find a list of the new features we have implemented in this version:

Import contacts: you can import multiple contacts from a CSV file as opposed to entering the contacts manually.
Run tasks while logged off: You do not have to be logged on anymore to run a task. This feature is useful if your company has a very strict security policy.
User-filters: With this new feature, you´re able to send reports to multiple users with different filters applied by creating just one task. Find out more about this feature in the next chapter!
Repeat task: With this option your task will be executed in set intervals of minutes and hours. This option is very useful for companies in need of constant progress updates on their critical data.
Download reports locally: You can download your generated reports locally. This is very useful, for example, if your company needs to store all your reports and make a history vault. They can also be downloaded to a network drive.
Report errors:
»  Report task failures: Any error during the execution of a task will be reported to a previously defined e-mail address.
»  Report web application errors: these errors will be reported to ClearPeaks Support so we can solve any inconsistencies as soon as possible.
Prevent sending empty reports.
Specify SMTP sender: you can specify the “From” field of your email.
Log in to ReportMessenger: you can now login with any Tableau Administrator account.

Figure 3


How do user-filters work? 

One of the main new features of ReportMessenger 2.0 is the User-Filters functionality.

It allows the ReportMessenger administrator to create a task using a dynamic filter. This feature prevents the creation of multiple tasks within the same view.

The user-filter is defined on each user profile and can be set up with up to four filters per user:

Figure 4



In the case above, filter one has been set to filter by regions and filter two is filtering by categories. This is useful for when your company wants to send a report to each agent of every region. Instead of creating a task for every region, you can now condense it all into a single task. You can also add different values for any filter by separating them with a comma (,). For example: North, South, East, West

Once the user-filters are defined, you can apply them to any task:


Figure 5

As you can see, the formula of the filter is Region=<<filter1>>&Category=<<filter2>>, Region and Category are fields from the Tableau’s view.

The next two images show the result of applying the dynamic filter:


Figure 6

Figure 1: Antonio’s Report (filtered by South region)                     Figure 2: Jordi’s Report (filtered by West region)


If a user doesn’t have any filter defined, then that user will receive the report with the full content of data.



This new version of ReportMessenger provides greater stability and ensures a better user experience. The new features make ReportMessenger more configurable than ever, allowing you to customize each task with a dynamic filter and set up repeating tasks without needing to duplicate the original task multiple times.

Don't hesitate to contact us if you would like to receive more information about ReportMessenger or request a free demo!


Configuring SSL for OBIEE 12c




This article deals with how to configure SSL for OBIEE 12c. The SSL (Secure Sockets Layer) enables the communication between the application server and the client via an encrypted link.

While deploying the OBIEE in an organization, we must ensure the SSL is configured using the client’s certificates in order to make sure the interaction between the browser and application server is private, since the BI dashboards contain data confidential to the organization.

1. High-Level Steps to enable SSL for OBIEE 12c

Before getting into the hands on, let’s understand the high level steps involved in this configuration:

Generating the required certificates and keystores for SSL communication
Configuring Weblogic Admin Server, Node Manager and Managed Server for SSL
Configuring Internal WebLogic Server LDAP to Use LDAPs
Configuring Internal WebLogic Server LDAP Trust Store
Disabling HTTP
Configuring OWSM to use t3s
Enabling Oracle BI EE Internal SSL for BIEE


2. Assumptions

We assume OBIEE 12c is installed and configured in a Windows/ Linux server with the DSN – The BI services are accessible using the following links with default OBIEE 12c ports:

Weblogic Console
EM Console
BI Presentation services


3. End to End SSL configuration for OBIEE 12c

3.1 Generating the required certificates and keystores for SSL communication

Create a folder under Oracle Home where OBIEE 12c is installed. For E.g. /ssl
Set the environment variable PATH to include the JAVA_HOME/bin directory.



set JAVA_HOME=<path to JAVA install root>



export JAVA_HOME=<path to JAVA install root>

export PATH=$JAVA_HOME/bin:$PATH


Create Java key store: Invoke the Java keytool utility to create a java key store. For example:


keytool -genkey -alias <alias> -keyalg RSA -sigalg SHA256withRSA -keysize <key_size> -keypass <password> -keystore <keystore_name>.jks -storepass <password> -storetype <store_type> -validity <days_of_validity>


For example:


> keytool -genkey -alias obiee12c -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -keypass Clearpeaks123 -keystore obiee12c.jks -storepass Clearpeaks123 -storetype JKS -validity 365
 What is your first and last name?
 What is the name of your organizational unit?
 [Unknown]: admin
 What is the name of your organization?
 [Unknown]: Clearpeaks
 What is the name of your City or Locality?
 [Unknown]: Abu Dhabi
 What is the name of your State or Province?
 [Unknown]: Abu Dhabi


Create a Certificate Signing Request (CSR). Use the following command to create a Certificate Signing Request:


keytool -certreq -v -alias <alias> -keyalg RSA -sigalg SHA256withRSA -file <filename> -keypass <password> -keystore <keystore> -storepass <password>


>keytool -certreq -v -alias obiee12c -keyalg RSA -sigalg SHA256withRSA -file root_cert_req.csr -keypass Clearpeaks123 -storepass Clearpeaks123 -keystore obiee12c.jks
Certification request stored in file root_cert_req.csr

Submit this to your CA


Submit this CSR to the signing authority board and in return, the root, intermediate and server certificates will be provided.


Import the CA into the Java Keystore. Use the following command to import the root, Intermediate and server certificate to the Java Keystore.


» Import Root Certificate


keytool -import -trustcacerts -alias <alias> -file <cacert_file> -keystore <keystore> -keypass <password> -storepass <password>


>keytool -import -trustcacerts -alias rootca -file rootca.pem -keystore obiee12c.jks -keypass Clearpeaks123 -storepass Clearpeaks123
Trust this certificate? [no]: yes
Certificate was added to keystore.


» Import Intermediate Certificate


keytool -import -trustcacerts -alias <alias> -file <cacert_file> -keystore <keystore> -keypass <password> -storepass <password>


>keytool -import -trustcacerts -alias interca -file interca.pem -keystore obiee12c.jks -keypass Clearpeaks123 -storepass Clearpeaks123

Certificate was added to keystore


» Import Server Certificate


keytool -import -alias <alias> -file <servercert_file> -keystore <keystore> -keypass <password> -storepass <password>


>keytool -import -v -alias server -file server.cer -keystore obiee12c.jks -keypass Clearpeaks123 -storepass Clearpeaks123

Certificate reply was installed in keystore


Use the following command to verify whether the keystore contains the certificates


keytool -list -keystore <keystore> -storepass <password>


>keytool -list -keystore obiee12c.jks -storepass Clearpeaks123


In case if the key store contains chain of certificates, use the following command:


>keytool -list -v -keystore obiee12c.jks


3.2 Configuring Weblogic Admin Server, Node Manager and Managed Server for SSL
3.2.1 Configuring Weblogic Admin Server for SSL

Stop all the BI services using server script –




Start the admin server only by using the following command


> ./ –i Adminserver


Log in to WebLogic console.
Click Lock and Edit.
Select Environment > Servers. Click on Admin Server.
In the 'General' tab, update the Listen Address with the DSN -
Check 'SSL Listen Port Enabled'. 'SSL Listen Port’ : e.g. 9501 (make sure the port is available)

Image 1


Click 'Save'
Select Keystores’ tab and click the ‘change’ button to select Custom Identity and Custom Trust for keystores.
Update the details as follows.
» 'Custom Identity Keystore’: <path_to_keystore> eg. <ORACLE_HOME>/ssl/ obiee12c.jks
» 'Custom Identity Keystore': JKS
» 'Custom Identity Keystore Passphrase': <storepass_pwd> e.g.: Clearpeaks123
» 'Confirm Custom Identity Keystore Passphrase': <storepass_pwd> e.g.: Clearpeaks123
» 'Custom Trust Keystore': <path_to_keystore> e.g. <ORACLE_HOME>/ssl/obiee12c.jks
» 'Custom Trust Keystore Type': JKS
» 'Custom 'Custom Trust Keystore Passphrase': <storepass_pwd> e.g.: Clearpeaks123
» 'Custom 'Confirm Custom Trust Keystore Passphrase': <storepass_pwd> e.g.: Clearpeaks123
» 'Click 'Save'.   

Image 2

Note: In this, example the Custom Identity Trust keystore and Custom Trust Keystore are same.


Select the 'SSL' tab and enter the relevant information based on Step 1.
» 'Private Key Alias': <alias_given_when_creating_key> e.g. obiee12c
» 'Private Key Password': <keypass_pwd> e.g. Clearpeaks123
» 'Confirm Private Key Password': <keypass_pwd> e.g. Clearpeaks123
» Click 'Save'

Image 3
3.2.2 Configure Managed Server for SSL

Select Environment > Servers. Click ‘Managed Server bi_server1’
Perform the same changes done on the general tab in the Admin server described in the earlier step, by selecting the 9503 port for SSL (if available)

Image 4

Select the keystores tab and perform the changes as done in the keystore tab for Admin server and Click ‘Save’

Image 5

Select the SSL tab and perform the changes as done in then keystore tab for Admin server and Click ‘Save’

Image 6
3.2.3 Configure Node manager for SSL

Update the in <DOMAIN_HOME>/nodemanager folder with Custom Identity Keystore and Custom Trust Keystore details



CustomIdentityKeyStoreFileName=<Path to the Keystore>

CustomIdentityAlias=<Keystore Alias>

CustomIdentityPrivateKeyPassPhrase=<Key Passphrase>

CustomTrustKeyStoreFileName=<Path to the Keystore>


For example>








Import the Public certificates (root and intermediate) to Java Standard Trust Store, /jre/lib/security


>keytool -import -trustcacerts -alias rootca -file <oracle_home>/ssl/rootca.pem -keystore cacerts -storepass changeit

>keytool -import -trustcacerts -alias interca -file <oracle_home>/ssl/interca.pem -keystore cacerts -storepass changeit

3.3 Configuring Internal WebLogic Server LDAP to Use LDAPs

Make sure WebLogic Admin and Managed Servers are up and running
Login to EM. Click weblogic domain>Security >Security Provider configuration
Expand the Identity Store Provider
Click ‘Configure’
Click ‘+’ or ‘Add’ to add a new property
Select ‘ldap.url’ from the list. Enter the value’ ldaps://:’
For e.g.: ‘ldaps://'


Image 7

Click ‘Ok’

3.4 Configuring Internal WebLogic Server LDAP Trust Store

Expand the Identity Store Provider
Click ‘Configure’
Expand the Identity Store Provider
Click ‘Configure’
Click ‘+’ or ‘Add’ to add a new property
Select virtualize from the list. Enter "true" as the value
Click ‘OK
Make sure virtualize=true is set, as you are explicitly pointing the Administration Server
Restart all the BI services
Create LDAP Trust Store "adapters.jks"
Set the following environment variables


>export ORACLE_HOME=<Oracle_Home>

>export WL_HOME=<Oracle_home> /wlserver

>export JAVA_HOME=<path to JAVA install root>

>export PATH=$JAVA_HOME/bin:$PATH

>cd $ORACLE_HOME/oracle_common/bin


./ -host -port 9500 -domainPath <Oracle_home> /user_projects/domains/bi -userName 


Import the SSL certificates into ‘adapters.jks’ created in the <DOMAIN_HOME>/config/fmwconfig/ovd/default/keystores folder

3.5 Disabling HTTP

Login to Admin Console
Lock and Edit
Navigate to Environment > Servers > Admin Server
In the Admin Server General tab, uncheck ‘Listen Port’
Click 'Save'
Navigate to Environment > Servers > bi_server1
In the Managed Server bi_server1 general tab, uncheck ‘Listen Port’. Click ‘Save’
Navigate to Environment > Cluster > bi_cluster
Click Replication Check the ‘Secure Replication’

Image 8

Click 'Save'
Activate changes
Restart the BI services

3.6 Configuring OWSM to Use t3s

Login to EM
Select WebLogic domain, and cross component wiring, components
Select component type, OWSM agent
Select WebLogic domain, and cross component wiring, components
Select the row owsm-pm-connection-t3 status 'Out of Sync', and click ‘Bind’.
The HTTP(s) OWSM link is not used when using a local OWSM
Select ‘Yes’ in the pop-up box

Image 9

Confirm by accessing the policy via the validator:

3.7 Enabling Internal SSL for OBIEE 

Stop all the BI services
Execute the following command - /bitools/bin/ | .cmd script to enable internal SSL for OBIEE


>./ internalssl true


Restart the BI services
Validate the internal ssl configuration by running the following command


>./ report

4. Validating the SSL configuration

Try accessing the Weblogic console, EM, analytics and visual analyser with the configured SSL ports
» WebLogic Console -

Image 10


» EM Console -


Image 11


» BI Presentation services:


Image 12


Image 13


» Configure the DSN with ‘use SSL’ checked and try opening the RPD online

Image 14


In case if you are configuring the SSL for OBIEE 12c -, Add the following entry to the   file <Oracle_home>/bi/modules/






Configuring SSL in OBIEE 12c is quite a long and tedious process since it involves multiple restarts that may fail if the certificates are not properly imported to the keystore.  Always make sure the server ports to be configured for OBIEE SSL are open and available for clients.

Some organization may not use the intermediate certificates. In such cases, the root and server certificates are sufficient to perform this configuration. Last but not least, make sure the keystore directory has apt permissions set for the BI system to access the keystore and certificates.

Click here if you would you like to know more about how to configurate SSL for OBIEE.


Retrieving Active Directory Data into BI




Active Directory is used by most organizations to both manage users, groups and devices that are registered to the network and to maintain better network security solutions. This information can be extracted and made available to analyze authorization on different applications within your organization.

Below are few key details that can be retrieved from Active Directory:

UserID, Login Name
Employee’s First Name, Last Name
Employee Status
Job Title
User Mail ID
Employee Organization
Line Manager Details
Account Status
Member Groups


1. Motivation

In most business cases, HR systems will hold only information of users under the organization’s payroll, and not that of any contractors or external vendors working with the organization. This calls for extracting Active Directory data into the enterprise’s data warehouse and using it for further analysis in scenarios where we need to get the full list of employees (including direct employees, contractors, vendors etc.) along with their details, i.e, who will be accessing internal applications like service manager, BI services, general services applications, etc. If we can pull this information into OBIEE and automate the data load process, it enables us to generate audit reports and to analyse the access rights of users to various applications.

ADManager Plus data extraction and challenges: 

Manage Engine ADManager Plus is a web-based interface solution designed to meet Active Directory management requirements and report generation. It helps to perform audits for the defined security permissions for a specific AD object or for a specific user. The Report scheduler feature within enables the auto-generating of reports at specified times and delivers the report to multiple users via email in the desired format.

Although AD manager plus supports generating and scheduling reports, it can only be delivered to email accounts. Because of this limitation, automating the data extraction process from Active Directory and loading the data into a data warehouse is not possible.

2. Python solution for Automating Data retrieval and the loading process

Data Extraction from LDAP could be achieved using the LDAP library interface module for Python. Here we use ldap3, which runs off of pure, vanilla Python. ldap3 is supported in Python versions 2.6 and above.

The Ldap3 module needs to be installed in order to establish a connection to the server and retrieve data. It can be installed either using a pip package or by downloading the latest version from LDAP3 source location and install it using command - Python manually.  You should refer to Ldap3 library documentation for further references.

Defining server details and establishing connection to the LDAP server

In order to establish a connection, the first server object needs to be defined. The Server object specifies the DSA (Directory Server Agent) LDAP server that will be used by the connection. The user then needs to define a host variable, which will be host name/IP/complete URL with hostname, host port of LDAP server. This is required to create the server object.

# import class and constants 
from ldap3 import Server, Connection, ALL

#define the server
hostname = 'servename'  # hostname for LDAP server 
server = Server (hostname, get_info=ALL)

The connection object will send operation requests to the LDAP server. It takes different parameters like server, username and password for performing operations in the server. The connection object also requires authentication type and read only parameters that define the type of operation to be performed on the server.

# define the conncetion 
uername = ''  #user account to access server 
password = '*********'  # password for authentication
connection = Connection (server, user=username, password=password, auto_bind=True, collect_usage=True)

Once the connection object is defined, the bind() method is executed to open the connection with the server. The bind operation allows credentials to be exchanged between the client - server and establishes a new authorization state. Connection once established enables to perform all the standard LDAP operations.

Accessing AD information and generating files

The Search method in the connection object enables search operations on the LDAP database. It takes the following parameters:

Search Base: takes the base of the search request
Search Filter: takes the filter to be applied on the search request
Search Scope: defines how broad the search context is. BASE, LEVEL, SUBTREE are the values
Attributes: a single attribute or a list of attributes which can be returned by the search
Get Operational_Attributes: if True, returns information attributes

Search method takes many other parameters like time limit, size limit etc. You may refer to the Ldap3 documentation for further reference. By default, Active Directory sets a hard limit of 1000 entries returned for any search, mainly due to security constraints. It is better to go for a paged search method when retrieving AD, as the entries to be retrieved will be more than 1000 records in many cases.

Instead of a simple search operation, here we are doing a paged search to retrieve the full list of entries from the AD server.

# define parameters and calling search method
base = 'dc=clearpeaks, dc=corp, dc=ae'  # defining case for search operation 
filter_value = 'All BI Users Group'  # defining filters for search operation 
attrs = ['SAMAccountName','Title','dislpayname','department']  #defining required attributes from AD

data = c.extend.standard.paged_search(search_base) = base_dn, search_filter = ' (memberOf = '+allBIusers+')',
search_scope = SUBTREE,
attributes = attrs, 
get_operational_attributes = True
paged_size = 15, generation = True)

Responses received from the Search operation will be in a list format and stored in the Response attribute of the connection object.  The response object can be iterated over to retrieve the results.  A few data cleansing steps are required to carry it out, as Active Directory data text will be in UTF-8 format, necessitating its decoding into ASCII format. Once retrieved, the response data is updated to a CSV file, which can be saved at a shared location in the server.

Figure 4

Figure 1: Sample of the response data updated to a CSV file

Files generated through Python scripts can be accessed by ETL Mapping, which is configured to extract data from excel as source and loads it into warehouse tables, where your data is ready to be visualized in any BI tool. Below is a sample report using LDAP data.


Figure 2: Sample of Active Directory Data displayed in BI Report

Unix Crontab command can be used to schedule the script, based on the frequency required to refresh data from the Active Directory. ETLs are further scheduled respectively to load new sets of data from the generated source file.


In this blog post, we describe a solution to automate the Active Directory Data retrieval and loading process into BI environments using Python. Active Directory information can be utilized for analyzing Security Privileges granted within an organization, which in turn helps to audit user access to various applications.

Although we explained only the scope of reading Active Directory data, it is not the only benefit of this method. Once an authenticated connection is established with the server, all standard LDAP operations can be performed using the LDAP3 Python library.

Contact us if you want to have more information about how pull HR information into OBIEE.


privacy policy - Copyright © 2000-2010 ClearPeaks